This article covers several issues and how to overcome them. Often, the same error is shown on the Cloud Bridge (CB) Server Settings page, and sometimes a common error is recorded in the ePO on-premises logs. Because the errors are shared, it can be difficult to locate the cause and solution.
The following advice is provided in the Trellix ePO - SaaS Cloud Bridge 2.1.0 Installation Guide, under the error message section:
This error occurs if there is an issue connecting to the Trellix back-end service or if the Trellix account that is associated with the email address entered is not found. This error also occurs if you type an incorrect email credential, or a valid email address and an incorrect password.
The above advice doesn't cover all causes that can lead to the CB link failing.
You're unable to link your ePO server to the Trellix account via the Trellix ePO - SaaS Cloud Bridge extension, after following the steps in the Trellix ePO - SaaS Cloud Bridge 2.1.0 Installation Guide.

| Console Error | Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details. |
|---|---|
| Orion.log Error | n/a |
| Cause | This error can occur if the Trellix account that's associated with the email address entered isn't found.<br>This error also occurs if you type incorrect email credentials, or a valid email address and an incorrect password. |
| Solution | Enter a valid email address.<br>OR<br>Enter a correct password.<br>If you're unable to resolve the issue, speak to your system administrator. |

| Console Error | Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details. |
|---|---|
| Orion.log Error | `ERROR [http-nio-8443-exec-19] registration.RegistrationProxyImpl - Unable to check multi-tenancy of the given user account: <email_address>`<br>`org.apache.http.conn.HttpHostConnectException: Connect to uam.mcafee-cloud.com:443 [uam.mcafee-cloud.com/99.84.199.12, uam.mcafee-cloud.com/99.84.199.55, uam.mcafee-cloud.com/99.84.199.114, uam.mcafee-cloud.com/99.84.199.59] failed: Connection timed out: connect` |
| Cause | The ePO server is behind a proxy network, and the Proxy settings aren't configured in the ePO on-premises Server Settings page. |
| Solution | The ePO administrator must add the Proxy server details to the ePO on-premises Server Settings page.<br>For help with configuring the proxy settings, see the ePolicy Orchestrator 5.10.0 Product Guide. |
| Related Article | KB94929 - Unable to link accounts in Trellix ePO - SaaS Cloud Bridge (Proxy settings) |

| Console Error | Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details |
|---|---|
| Orion.log Error | `ERROR [http-nio-8443-exec-19] registration.RegistrationProxyImpl - Unable to check multi-tenancy of the given user account: <email_address>`<br>`org.apache.http.conn.HttpHostConnectException: Connect to uam.mcafee-cloud.com:443 [uam.mcafee-cloud.com/99.84.199.12, uam.mcafee-cloud.com/99.84.199.55, uam.mcafee-cloud.com/99.84.199.114, uam.mcafee-cloud.com/99.84.199.59] failed: Connection timed out: connect` |
| Cause | A firewall has blocked the URLs related to Trellix ePO - SaaS Cloud Bridge, causing the account linking to fail. |
| Solution | The administrator must allow the needed URLs in their firewall settings; see the article below for details. |
| Related Article | KB94930 - Unable to link accounts in Trellix ePO - SaaS Cloud Bridge (Firewall issue) |

| Console Error | Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details |
|---|---|
| Orion.log Error | `ERROR [http-abc-9085-exec-102] registration.RegistrationProxyImpl - getAccessToken received HTTP status 401. IAM URL: https://iam.mcafee-cloud.com/iam/v1.0/tokenmsgBody: grant_type=password&scope=epo.reg_token&username=abc.def%40test.com&password=********&client_id=0oawz1wagXnxG7lUr2p6`<br>`ERROR [http-abc-9085-exec-102] action.CloudBridgeServerSettingsAction - Cloud Bridge registration failed, IAM error code: 401 "Token Endpoint: Password grant: Error: invalid_grant - Resource owner password credentials authentication denied by sign on policy."`<br>`com.mcafee.epo.cloudbridge.RegistrationException: Could not get access token from IAM service with scope(s) epo.reg_token.` |
| Cause | Multifactor authentication is enabled for the Trellix ePO - SaaS user account. Multifactor authentication is used to link to the Trellix ePO - SaaS Cloud Bridge and Trellix ePO - SaaS Migration extension. |
| Solution | This issue is scheduled to be resolved in Trellix ePO - SaaS Cloud Bridge 2.2, which isn't currently available.<br>In the interim, implement the workaround documented in the Related Article below. |
| Related Article | KB93420 - Unable to link accounts in Trellix ePO - SaaS Cloud Bridge (Multifactor authentication enabled) |
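
All four cases above show the same console error and differ only in what orion.log records, so the log is what separates them. The following is an added example, not part of the Trellix article or product: a small triage function that maps orion.log lines to the causes and KB articles listed above. The function name, the regular expressions and the sample lines are assumptions built from the excerpts in this article.

```python
import re

# (pattern, cause, related KB articles). The signatures are taken from this
# article's orion.log excerpts; matching them this way is an assumption.
SIGNATURES = [
    (re.compile(r"HttpHostConnectException: Connect to (?P<host>[\w.-]+):443\b"
                r".*Connection timed out"),
     "network: proxy settings missing in ePO, or firewall blocking Cloud Bridge URLs",
     ("KB94929", "KB94930")),
    (re.compile(r"invalid_grant - .*denied by sign on policy"),
     "multifactor authentication enabled on the Trellix ePO - SaaS account",
     ("KB93420",)),
]
# The article lists "n/a" in orion.log for the bad-credentials case.
NO_LOG_ENTRY = ("credentials: account not found, or wrong email address/password", ())


def triage(lines):
    """Return one (cause, kb_articles, unreachable_host) tuple per distinct cause."""
    findings = {}
    for line in lines:
        for pattern, cause, kbs in SIGNATURES:
            match = pattern.search(line)
            if match and cause not in findings:
                host = match.groupdict().get("host") or ""
                findings[cause] = (cause, kbs, host)
    # The timeout signature is identical for the proxy and firewall cases, so
    # both KB articles are returned and the administrator checks each in turn.
    return list(findings.values()) or [NO_LOG_ENTRY + ("",)]


# Constructed sample input, modelled on the excerpts in this article.
SAMPLE_TIMEOUT = [
    "ERROR [http-nio-8443-exec-19] registration.RegistrationProxyImpl - "
    "Unable to check multi-tenancy of the given user account: <email_address>",
    "org.apache.http.conn.HttpHostConnectException: Connect to "
    "uam.mcafee-cloud.com:443 [uam.mcafee-cloud.com/99.84.199.12] failed: "
    "Connection timed out: connect",
]
SAMPLE_MFA = [
    "ERROR [http-abc-9085-exec-102] action.CloudBridgeServerSettingsAction - "
    "Cloud Bridge registration failed, IAM error code: 401 \"Token Endpoint: "
    "Password grant: Error: invalid_grant - Resource owner password credentials "
    "authentication denied by sign on policy.\"",
]

if __name__ == "__main__":
    for name, sample in (("timeout", SAMPLE_TIMEOUT), ("mfa", SAMPLE_MFA), ("empty", [])):
        print(name, triage(sample))
```

Feed it only the orion.log lines written around the failed linking attempt; an empty result set falls back to the credentials case because the article records no log entry for it.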